bug bounty
AI is drowning software maintainers in junk security reports
AI-assisted vulnerability research has exploded, unleashing a firehose of low-quality reports on overworked software maintainers who are wasting hours sifting through noise …
Google to pay up to $1.5 million for zero-click Pixel Titan M exploits
Google has revised its Android and Chrome Vulnerability Reward Programs (VRPs), which pay security researchers to report vulnerabilities in Android, Google hardware, and the …
Meta and PortSwigger drive offensive security further to find what others miss
Meta Bug Bounty and PortSwigger have formed a partnership to help security researchers sharpen their skills, collaborate more closely, and improve vulnerability discovery. The …
Make OpenAI’s models misbehave and earn a reward
OpenAI’s public Safety Bug Bounty program focuses on AI abuse and safety risks across its products. The goal is to support safe and secure systems and reduce the risk of …
Bug bounties are broken, and the best security pros are moving on
Penetration testing engagements are organized as scheduled contracts with defined scope, set testing windows, and direct communication channels with client teams. Cobalt’s …
Apple offers $2 million for zero-click exploit chains
Apple bug bounty program’s categories are expanding and rewards are rising, and zero-click exploit chains may now earn researchers up to $2 million. “Our bonus …
How to get better results from bug bounty programs without wasting money
The wrong bug bounty strategy can flood your team with low-value reports. The right one can surface critical vulnerabilities that would otherwise slip through. A new academic …
The legal minefield of hacking back
In this Help Net Security interview, Gonçalo Magalhães, Head of Security at Immunefi, discusses the legal and ethical implications of hacking back in cross-border cyber …
Microsoft announces Zero Day Quest hacking event with big rewards
Microsoft is enhancing its bug bounty initiatives with the launch of the Zero Day Quest hacking event. With $4 million in potential rewards, it focuses on driving research in …
Red teaming: The key ingredient for responsible AI
Developing responsible AI isn’t a straightforward proposition. On one side, organizations are striving to stay at the forefront of technological advancement. On the other …
Bug hunters can get up to $450,000 for an RCE in Google’s Android apps
Google has drastically increased the rewards bug hunters can get for reporting vulnerabilities in Android apps it develops and maintains. “We increased reward amounts by …
How to optimize your bug bounty programs
In this Help Net Security interview, Roy Davis, Manager – Vulnerability Management & Bug Bounty at Zoom, discusses the role bug bounty programs play in identifying …
Featured news
Resources
Don't miss
- Google fixes actively exploited Android vulnerability (CVE-2025-48595)
- Red Hat npm packages compromised in new Mini Shai-Hulud malware wave
- Zero trust physical security needs trust decisions at the edge
- Why you need BAS and autonomous pentesting together
- This AI model backdoor attack stays hidden until you customize the model